The Combined Harm Assessment for Safety and Security of Information Systems is a method for performing safety and security requirements elicitation. This document describes the guideline for applying the method.